package com.xyh.backend2.controller;

import com.xyh.backend2.annotation.Role;
import com.xyh.backend2.service.AuthenticationService;
import jakarta.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;

@RestController
@RequestMapping("/api")
public class UserController {

    // 假设有一个服务用于验证用户名和密码，并返回用户角色
    @Autowired
    private AuthenticationService authenticationService;


    // 模拟登录功能
    @PostMapping("/login")
    public ResponseEntity<Void> login(@RequestParam String username, @RequestParam String password, HttpSession session) {
        int role = authenticationService.authenticate(username, password);
        if (role != Role.GUEST) {
            session.setAttribute("role", role); // 将用户角色存储在session中
        }
        return ResponseEntity.ok().build();
    }


    // 使用Role注解和拦截器实现权限控制
    @PostMapping("/user")
    public ResponseEntity<Void> getUser(@RequestParam String id, @Role(Role.USER) HttpSession session) {// 用户权限
        return ResponseEntity.ok().build();
    }

    @DeleteMapping("/user")
    public ResponseEntity<Void> deleteUser(@RequestParam String id, @Role(Role.ADMIN) HttpSession session) {// 管理员权限
        return ResponseEntity.ok().build();
    }
}
